QwikSec

Security Database

CVE

CWE

Training

CVE-2003-0816

Published: Jan 14, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20030910 MSIE->WsFakeSrc

mailing-list

x_refsource_BUGTRAQ

20030910 MSIE->WsOpenJpuInHistory

mailing-list

x_refsource_BUGTRAQ

oval:org.mitre.oval:def:362

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:361

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:416

vdb-entry

signature

x_refsource_OVAL

20030910 MSIE->WsBASEjpu

mailing-list

x_refsource_BUGTRAQ

http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM

x_refsource_MISC

20030910 MSIE->NAFjpuInHistory

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_CERT-VN

20030910 MSIE->BackMyParent2:Multi-Thread version

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_MS

vdb-entry

x_refsource_SECTRACK

http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM

x_refsource_MISC

http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm

x_refsource_MISC

oval:org.mitre.oval:def:409

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:479

vdb-entry

signature

x_refsource_OVAL

20030911 LiuDieYu's missing files are here.

mailing-list

x_refsource_BUGTRAQ

http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm

x_refsource_MISC

oval:org.mitre.oval:def:459

vdb-entry

signature

x_refsource_OVAL

20030910 MSIE->NAFfileJPU

mailing-list

x_refsource_BUGTRAQ

20030910 MSIE->WsOpenFileJPU

mailing-list

x_refsource_BUGTRAQ

20030910 MSIE->RefBack

mailing-list

x_refsource_BUGTRAQ

http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM

x_refsource_MISC

http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM

x_refsource_MISC

oval:org.mitre.oval:def:363

vdb-entry

signature

x_refsource_OVAL

http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM

x_refsource_MISC

http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_CERT-VN

http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.